A secure model for efficient live migration of containers

2019-09-01
Mavus, Zeynep
Angın, Pelin
Cloud services have become increasingly widespread in the past decade due to their ability to reduce the complexity and the cost of managing computers and networks. Cloud applications are run in virtualized environments such as virtual machines and containers so that resources can be allocated inexpensively. Both of these approaches require effective resource utilization, for which an important enabling technology is live migration, which involves moving a service from one host to another with the minimum possible downtime. Live migration is also required for system maintenance, load balancing, and protecting services from attacks through moving target defense. While a service is being migrated, the system should not be vulnerable to attacks. In this work, we propose a secure model for efficient live migration of containers. Because the applications are isolated from each other while running in Docker containers, the checkpointing method was used to generate the required migration data. In our proposed model, we secure the migration data using secure authentication and ensure that all connections between the nodes are protected to provide communication security, making the system protected against migration attacks. The efficiency of the migration system designed based on the proposed model has been proven on stateless and stateful sample applications. Experiments with applications running on the Docker container platform demonstrate that the proposed approach achieves significantly better performance than its virtual machine live migration counterpart.
Journal of Wireless Mobile Networks, Ubiquitous Computing, and Dependable Applications

Citation Formats
Z. Mavus and P. Angın, “A secure model for efficient live migration of containers,” Journal of Wireless Mobile Networks, Ubiquitous Computing, and Dependable Applications, pp. 21–44, 2019, Accessed: 00, 2020. [Online]. Available: https://hdl.handle.net/11511/38239.